I have a 5520 that is having issues. I have one Dynamic NAT for a few different inside networks to one public IP. Also, included in my block of public IPs, I have a few static one-to-one NATs. The problem is I recently added another ISP. I configured one of my ASA interfaces with the IP the new ISP gave me. I created a PAT for ONE of my inside networks to that one new public IP. So basically I have two ISPs connected to my ASA. One for my normal network and one for a special VLAN. When I try to get out to the internet I can't. When I look at the logging on the ASA it is coming back "PORTMAP TRANSLATION CREATION FAILED". I have NAT CONTROL on. When I turn it off the portmap error goes away but I still can't get out. Please....any suggestions?
This is a dual ISP scenario. You may have to use Policy-based routing (PBR) at the edge router for ISP1 and divert traffic meant to go through the ISP2 router. This is because the ASA can use only one default route to the outside. Connect the ISP2 router also on the same outside segment as the ISP1 router. Use VLANs on the ASA outside interface. You will also have to route the return traffic properly on the ISP routers.
I have a Cisco 4506 as my core > ASA5520 > FAST HUB > Edge Router to ISP1. We added a second ISP. That router is physically someplace else, but I have it on a layer 2 VLAN trunked back to the data center. It is like it is plugged into the ASA. Can you please elaborate on how to set this up a little more? I'm confused about the default route going to my edge router. I have one subnet that is accessed by the public, and I need it to go through the new ISP. That's it. ISP2 isn't a backup or there for redundancy.
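A configuration sketch of the policy-based routing suggested in the reply above, as an added example that is not from either poster. Every address, interface name, ACL name and route-map name is constructed (documentation ranges), and it assumes a Cisco IOS edge router, pre-8.3 ASA NAT syntax (the thread mentions NAT control), and an interface named `special` for the special VLAN.

```cisco
! --- Constructed addressing (assumptions, not from the thread) ---
! Shared outside segment : 192.0.2.0/24
!   ISP1 edge router     : 192.0.2.1
!   ASA outside          : 192.0.2.2
!   ISP2 router          : 192.0.2.3
! ISP2-assigned PAT addr : 198.51.100.10
! Special inside VLAN    : 10.10.50.0/24

! ===== ASA (pre-8.3 syntax) =====
! The single default route still points at the ISP1 edge router.
route outside 0.0.0.0 0.0.0.0 192.0.2.1
! PAT the special VLAN to the ISP2 address on the interface the
! traffic actually leaves by. The nat ID and global ID must match,
! and the global must exist on the egress interface.
nat (special) 2 10.10.50.0 255.255.255.0
global (outside) 2 198.51.100.10

! ===== ISP1 edge router (IOS) =====
! Match traffic already translated to the ISP2 PAT address.
ip access-list extended FROM-ISP2-PAT
 permit ip host 198.51.100.10 any
!
! Hand matching packets to the ISP2 router instead of following
! the normal routing table out to ISP1.
route-map DIVERT-TO-ISP2 permit 10
 match ip address FROM-ISP2-PAT
 set ip next-hop 192.0.2.3
!
! Apply the policy where packets from the ASA arrive.
interface GigabitEthernet0/1
 description Shared outside segment toward ASA
 ip policy route-map DIVERT-TO-ISP2

! ===== ISP2 router (IOS) =====
! Return traffic for the PAT address goes back to the ASA outside IP.
ip route 198.51.100.10 255.255.255.255 192.0.2.2
```

On the edge router, `show route-map DIVERT-TO-ISP2` displays match counters for the policy, and `show xlate` on the ASA confirms that the special VLAN is being translated to the ISP2 address.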